Slashdot Mirror


Federal Computers Fail Hacker Test

Nintendork writes: "An article by the Associated Press, published on CNN, tells of the latest network security report cards earned by Federal agencies. The Department of Defense along with several others failed. I hope terrorists that pose physical threats don't have any script kiddies in their arsenal."


  1. Re:nArf?! by Evro · · Score: 2, Informative
    --
    rooooar
  2. Vulnerabilities by Rebulator · · Score: 4, Informative

    It's been known for quite some time that government agencies are quite an easy target. The fact is, most agencies are not centrally controlled as to what software they need to run, much less what service packs/security patches need to be installed.

    I was on an independent team to go over several different agencies' policies and security models concerning the Internet, and this is what we found.

    1) Most of the time we could find a vulnerable host on a network to exploit from the Internet with an off-the-shelf exploit.

    2) The hosts and their networks usually tend to not have much information worth a terrorist's time. I'm not saying that this is an excuse, merely pointing out the fact that if they're running a default install of IIS4, most of the time there isn't much on the network worth the time invested.

    3) Most networks with something worth looking for have some levels of security in place.

    All of that said, I can assure you that most skript kiddies (the ones that posted to attrition.net, etc) don't have the knowledge to gain access to anything more than a default install on a jpl or nasa.gov host.

    Reb

  3. Re:It also doesn't tell WHICH computers. by Col.+Panic · · Score: 2, Informative
    I doubt there's any sensitive, highly classified information stored on 95% of government computers

    Maybe not, but if there is a trust relationship among computers on the network and one is compromised, you have access to all of them. That changes your odds a bit.

  4. The report itself by jamie · · Score: 3, Informative
    Here's the presentation by Robert Dacey (Director of IS Issues at the GAO), which the AP story references. Always more enlightening to go to the source:

    http://www.gao.gov/new.items/d02231t.pdf